When we think of IT systems and Industrial Control Systems (ICS) we tend to think that there is a vast difference in the way they are secured and managed but in reality there is little difference in the approach needed to secure the two separate system types.
The Samba Team has released security updates that address vulnerabilities, collectively known as Badlock, affecting both Windows operating systems and Samba in UNIX-like platforms. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system or create a denial-of-service condition. Users and administrators are encouraged to review Samba Release News Read more about Samba Security Updates Address Badlock Vulnerabilities[…]
On the 23rd December 2015 Ukraine suffered what is believed to be the first successful cyber-attack on an electricity distribution network cutting the power at 17 substations and leaving 225,000 people without power for several hours. In this blog we review the events leading up to and during the attack and what additional security controls Read more about January 2016 – Ukraine Power – Cyber Attack[…]
Original release date: March 08, 2016 Adobe has released security updates to address multiple vulnerabilities in Acrobat, Reader, and Digital Editions. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletins APSB16-09 and APSB16-06 and apply the Read more about Adobe Releases Security Updates for Acrobat, Reader, and Digital Editions[…]
Original release date: March 11, 2016 OpenSSH version 7.2p2 has been released to address a vulnerability in all prior versions. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information. We encourage users and administrators to review the OpenSSH Security Advisory and apply the necessary update. Source: US CERT Alerts
Original release date: March 09, 2016 Apple has released a security update for Windows 7 and later to address a vulnerability in Apple Software Update. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators should review the Apple security website for Software Update 2.2 and apply Read more about Apple Releases Security Update[…]
Original release date: March 07, 2016 Internet Systems Consortium (ISC) has released security updates to address a vulnerability in versions of ISC Dynamic Host Configuration Protocol (DHCP) server. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Updated versions of ISC DHCP (4.1-ESV-R13 and 4.3.4) will be available soon, and Read more about ISC Releases Security Updates for DHCP Server[…]
Security researchers have discovered a new weakness that could allow attackers to spy on encrypted communications between users and one in three HTTPS servers. Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability – referred to as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) in public reporting – may allow a remote attacker to obtain the private key of a server supporting SSLv2.